DETAILED ACTION

Response to Amendment 

1. In response to communications filed on 12/12/2007, applicant does not amend,
cancel or add any claims. The following claims, claims 1-33, are presented for
examination.

Response to Remarks/Arguments 

2.1 Applicant's arguments, pages 9-12, with respect to the rejection of claims 1-33 
have been fully considered but they are not persuasive. 

2.2 In response to Applicant argument that the Malkin reference does not teach or 
suggest requests coming "from the initiator of the request," the Examiner respectfully 
disagrees citing column 2 lines 25-39 which recites, "the RAS completes the Link 
Control Protocol phase and initiates the authentication phase of the Point-to-Point 
Protocol (PPP)." Malkin goes further to recite, as cited in the previous Office Action that 
the "RAS using [identification] ... information to generate a remote authentication 
request that is sent to the appropriate Authentication Server (AS)." 

2.3 The Examiner further disagrees with Applicant argument that the tunnel 
registration request is not an acknowledgement, citing column 2 lines 65-67 and col. 3 
lines 1-5 - "gateway completes the tunnel by responding to the RAS with a tunnel 
registration response. Once the tunnel is complete, the authentication phase of PPP 
is complete and the RAS may then perform the Network Control Protocol (NCP) 
negotiations with the remote node in order to finish establishing open communication
between the remote node and the home network".

2.4 In response to Applicant argument that the Malkin reference does not teach or 
suggest comparing a source address of a data packet against known internal address of 
a private network, the Examiner respectfully disagrees citing column 2 lines 30-39, 
which recites, "[obtaining] the address if the gateway to the remote node's home
network and other information needed to establish connection with a destination within 
the home network." 

2.5 Applicant further argues that Malkin does not teach or suggest refusing to 
process additional data packets received from the real source, to which the Examiner 
respectfully disagrees citing column 3 lines 57-61 - "if an entry is not found, in step 214 
the TMS will send a message to the RAS indicating an entry was not found .... The 
RAS will then terminate the PPP connection (refuse to process additional packets) with 
the remote node (from the real source)". 

2.6 For at least the reasons presented above, the Examiner maintains the rejection 
of above mentioned claims and their dependents. 



Claim Rejections - 35 USC § 102

3. The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that
form the basis for the rejections under this section made in this Office action:

A person shall be entitled to a patent unless - 

(b) the invention was patented or described in a printed publication in this or a foreign country or in 
public use or on sale in this country, more than one year prior to the date of application for patent in 
the United States. 

Claims 1-10, 15-21, 27-29 and 30-33 are rejected under 35 U.S.C. 102(b) as
being disclosed by Malkin et al. 

Regarding claims 1, 27-29 and 31, Malkin et al. discloses a method for blocking
an attack on a private network implemented by a routing device interconnecting
the private network to a public network, comprising: receiving a request for
connection from an initiator, over the public network (col. 2 lines 40-47 - "RAS
using [identification] ... information to generate a remote authentication request
that is sent to the appropriate Authentication Server (AS)"); requesting an
acknowledgment from the initiator of the request (col. 2 lines 57-64 - "Once the
user is authenticated by the AS, the Remote Access Server (RAS) begins to
establish a 'tunnel' with the appropriate gateway by generating and sending a
tunnel registration request"), determining whether the acknowledgment has
been received within a predetermined amount of time and denying the request if
the acknowledgment is not received within the predetermined amount of time
(col. 2 lines 65-67 and col. 3 lines 1-5 - "gateway completes the tunnel by
responding to the RAS with a tunnel registration response. Once the tunnel is
complete, the authentication phase of PPP is complete and the RAS may then
perform the Network Control Protocol (NCP) negotiations with the remote node in
order to finish establishing open communication between the remote node and
the home network").

Regarding claim 2, Malkin et al. discloses the method of claim 1, wherein the
public network is the Internet (col. 3 lines 61-67 and col. 4 lines 1-9 - establishes 
a connection using the "Internet Protocol"). 

Regarding claim 3, Malkin et al. discloses the method of claim 2, wherein the
routing device is a firewall providing access to the Internet (col. 2 lines 57-64 - 
"gateway"). 

Regarding claim 4, Malkin et al. discloses the method of claim 1, further
comprising processing the request if the acknowledgement is received (col. 2
lines 65-67 and col. 3 lines 1-5 - "gateway completes the tunnel by responding to
the RAS with a tunnel registration response. Once the tunnel is complete, the
authentication phase of PPP is complete and the RAS may then perform the
Network Control Protocol (NCP) negotiations with the remote node in order to
finish establishing open communication between the remote node and the home
network").

Regarding claim 5, Malkin et al. discloses the method of claim 1, further
comprising adding an IP address of the initiator to a cache of IP addresses if the 
acknowledgement is not received (col. 4 lines 9-14 - "the RAS internally stores 
the information provided by the Tunnel Management System (TMS)"). 

Regarding claim 6, Malkin et al. discloses the method of claim 5, further
comprising denying access through the routing device to any IP address on the 
cache of IP addresses (col. 5 lines 20-25 - "after a predetermined number of 
unsuccessful attempts, the RAS will terminate the PPP connection with the 
remote node [using the information internally stored information regarding said 
node]"). 

Regarding claim 7, Malkin et al. discloses the method of claim 1, further
comprising storing information about the initiator on a system log for analysis by
the system administrator (col. 4 lines 9-14 - "the RAS internally stores the
information provided by the Tunnel Management System (TMS)").

Regarding claim 8, Malkin et al. discloses the method of claim 1, further
comprising storing information about the request for connection on a system log
for analysis by the system administrator (col. 4 lines 9-14 - "the RAS internally
stores the information provided by the Tunnel Management System (TMS)").

Regarding claim 9, Malkin et al. discloses the method of claim 1, further
comprising determining if a prior request for an acknowledgement has been sent 
to an IP address associated with the initiator and been unacknowledged within a 
predetermined amount of time, if the acknowledgement is not received (col. 5 
lines 20-25 - "after a predetermined number of unsuccessful attempts, the RAS 
will terminate the PPP connection with the remote node"). 

Regarding claim 10, Malkin et al. discloses the method of claim 1, further
comprising using diagnostic tools to determine additional information about a 
source of the request for connection (col. 2 lines 25-39 - "the remote node 
queries the service provider's TMS to obtain [additional information]"). 

Regarding claim 15, Malkin et al. discloses a method for blocking an attack on a
private network implemented by a routing device interconnecting the private 
network to a public network, comprising: receiving an incoming data packet from 
the public network; comparing a source address of the data packet against 
known internal addresses of the private network; determining if the source 
address matches a known internal address; and if there is a match: dropping the 
data packet; analyzing a header of the data packet; determining information 
regarding a history of the packet; determining a real source of the data packet 
using the information regarding the history of the packet; and refusing to process 
any additional data packets received from the real source of the data packet
(Rejected under the same rationale as claim 1).

Regarding claim 16, Malkin et al. discloses the method of claim 15, further
comprising storing data about the data packet on a system log, for use and
analysis by a system administrator (Rejected under the same rationale as claim
7).

Regarding claim 17, Malkin et al. discloses the method of claim 15, wherein the
public network is the Internet (Rejected under the same rationale as claim 2).

Regarding claim 18, Malkin et al. discloses the method of claim 17, wherein the
routing device is a firewall providing access to the Internet (Rejected under the
same rationale as claim 3).

Regarding claim 19, Malkin et al. discloses the method of claim 15, further
comprising forwarding the data packet to the private network if there is not a
match (Rejected under the same rationale as claim 6).

Regarding claim 20, Malkin et al. discloses the method of claim 15, further
comprising adding an IP address of the data packet to a cache of IP addresses if
there is a match (Rejected under the same rationale as claim 6).

Regarding claim 21, Malkin et al. discloses the method of claim 20, further
comprising denying access through the routing device to any IP address on the
cache of IP addresses (Rejected under the same rationale as claim 6).

Regarding claim 30, Malkin et al. discloses a system for blocking an attack on a
private network, comprising: means for interconnecting a private network to a 
public network; means for receiving a request for connection from an initiator, 
over the public network; means for requesting an acknowledgment from the 
initiator of the request; means for determining whether the acknowledgment has 
been received within a predetermined amount of time and means for denying the 
request if the acknowledgment is not received within the predetermined amount 
of time (col. 5 lines 20-25 - "after a predetermined number of unsuccessful 
attempts, the RAS will terminate the PPP connection with the remote node"). 

Regarding claim 32, Malkin et al. discloses a software embodied in a
computer-readable medium, the computer-readable medium comprising code operable to:
interconnect a private network to a public network; receive a request for 
connection from an initiator, over the public network; request an acknowledgment 
from the initiator of the request; determine whether the acknowledgment has 
been received within a predetermined amount of time; and deny the request if the 
acknowledgment is not received within the predetermined amount of time (col. 7
lines 7-17). 

Regarding claim 33, Malkin et al. discloses a software embodied in a
computer-readable medium, the computer-readable medium comprising code operable to:
receive an incoming data packet from the public network; compare a source 
address of the data packet against known internal addresses of the private 
network; determine if the source address matches a known internal address; and 
if there is a match: drop the data packet; analyze a header of the data packet; 
determine information regarding a history of the packet; determine a real source 
of the data packet using the information regarding the history of the packet; and 
refuse to process any additional data packets received from the real source of 
the data packet (col. 7 lines 7-17). 



Claim Rejections - 35 USC § 103 

4. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made.

Claims 11-14 and 2-26 are rejected under 35 U.S.C. 103(a) as being
unpatentable over Malkin et al. (US Patent No. 6,061,650) and further in view of
Levinson et al. (US Application Publication No. 20030053170).

Regarding claim 11, Malkin et al. is silent in disclosing the method of claim 10,
wherein using diagnostic tools to determine additional information about a source 
of the request for connection comprises using trace root diagnostic tools to 
determine information about the source of the request for connection; however,
Levinson et al. does disclose network tools used in collecting additional information
about a network (0008 - "network diagnostics"). It would have been obvious for one of
ordinary skill in the art to modify the disclosed network diagnostic functions of 
Levinson et al. into the specific network diagnostic tools mentioned within the 
claim language such as "trace root, NeStat (NS) lookup, ping, etc." It would have 
been obvious because one of ordinary skill in the art would know that the 
disclosed "network diagnostic" functions comprise these specifically mentioned
tools. 

Regarding claim 12, Malkin et al. discloses the method of claim 10, wherein
using diagnostic tools to determine additional information about a source of the 
request for connection comprises using ping diagnostic tools to determine 
information about the source of the request for connection (Rejected under the 
same rationale as claim 11).

Regarding claim 13, Malkin et al. discloses the method of claim 10, wherein
using diagnostic tools to determine additional information about a source of the 
request for connection comprises using NS lookup diagnostic tools to determine 
information about the source of the request for connection (Rejected under the 
same rationale as claim 11). 

Regarding claim 14, Malkin et al. discloses the method of claim 10, further
comprising forwarding the additional information to a system administrator via 
electronic mail (0046 - "send a electronic message"). 

Regarding claim 22, Malkin et al. discloses the method of claim 15, further
comprising using diagnostic tools to determine additional information about a
source of the data packet (Rejected under the same rationale as claim 11).

Regarding claim 23, Malkin et al. discloses the method of claim 22, wherein
using diagnostic tools to determine additional information about a source of the
data packet comprises using trace root diagnostic tools to determine additional
information about the source of the data packet (Rejected under the same
rationale as claim 11).

Regarding claim 24, Malkin et al. discloses the method of claim 22, wherein
using diagnostic tools to determine additional information about a source of the
data packet comprises using ping diagnostic tools to determine additional
information about the source of the data packet (Rejected under the same
rationale as claim 11).

Regarding claim 25, Malkin et al. discloses the method of claim 22, wherein
using diagnostic tools to determine additional information about a source of the
data packet comprises using NS lookup diagnostic tools to determine additional
information about the source of the data packet (Rejected under the same
rationale as claim 11).

Regarding claim 26, Malkin et al. discloses the method of claim 22, further
comprising forwarding the additional information to a system administrator via
electronic mail (Rejected under the same rationale as claim 11).

Conclusion

5. THIS ACTION IS MADE FINAL. Applicant is reminded of the extension of time 
policy as set forth in 37 CFR 1.136(a).

A shortened statutory period for reply to this final action is set to expire THREE 
MONTHS from the mailing date of this action. In the event a first reply is filed within 
TWO MONTHS of the mailing date of this final action and the advisory action is not 
mailed until after the end of the THREE-MONTH shortened statutory period, then the 
shortened statutory period will expire on the date the advisory action is mailed, and any 
extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of
the advisory action. In no event, however, will the statutory period for reply expire later 
than SIX MONTHS from the mailing date of this final action. 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to CHINWENDU C. OKORONKWO whose telephone 
number is (571) 272-2662. The examiner can normally be reached on MWF 2:30 - 6:00,
TR 9:00-3:30. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Nasser Moazzami can be reached on (571) 272-4195. The fax phone
number for the organization where this application or proceeding is assigned is
571-273-8300.

Information regarding the status of an application may be obtained from the
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a 
USPTO Customer Service Representative or access to the automated information 
system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 


Examiner, Art Unit 2136 



/Nasser G Moazzami/ 

Supervisory Patent Examiner, Art Unit 2136 



